rm -rf /etc/pki/CA/*.old
touch /etc/pki/CA/index.txt

touch /etc/pki/CA/index.txt.attr
echo "unique_subject = no" > index.txt.attr

echo 01 > /etc/pki/CA/serial
echo 02 > /etc/pki/CA/serial
rm -rf keys
mkdir keys


openssl genrsa -out keys/RootCA.key 2048
openssl req -new -x509 -days 3650 -key keys/RootCA.key -out keys/RootCA.crt


openssl genrsa  -out keys/secondCA.key 2048
openssl rsa -in keys/secondCA.key -out keys/secondCA.key
openssl req -new -days 3650 -key keys/secondCA.key -out keys/secondCA.csr
openssl ca -extensions v3_ca -in keys/secondCA.csr -config openssl.cnf -days 3650 -out keys/secondCA.crt -cert keys/RootCA.crt -keyfile keys/RootCA.key


openssl genrsa -out keys/thirdCA.key 2048
openssl rsa -in keys/thirdCA.key -out keys/thirdCA.key
openssl req -new -days 3650 -key keys/thirdCA.key -out keys/thirdCA.csr
openssl ca -extensions v3_ca -in keys/thirdCA.csr -config  openssl.cnf -days 3650 -out keys/thirdCA.crt -cert keys/secondCA.crt -keyfile keys/secondCA.key

openssl genrsa -out keys/server.key 2048
openssl rsa -in keys/server.key -out keys/server.key
openssl req -new -days 3650 -key keys/server.key -out keys/server.csr
openssl ca -in keys/server.csr -config openssl.cnf -days 3650 -out keys/server.crt -cert keys/thirdCA.crt -keyfile keys/thirdCA.key

